A flaw in the Drive is being exploited to send out seemingly legitimate emails and push notifications from Google that, if opened, could land people on malicious websites. The scam itself is nothing new – messages asking you to click on dodgy links are as old as the internet itself – but could catch a lot of people off guard.
The smartest part of the scam is that the emails and notifications it generates come directly from Google. By default, Drive wants you to know when someone has mentioned you on a document. In a work setting, this could be a colleague asking you to check over a slide in a presentation or a brief for a new project. For scammers, it’s a clever way of putting a malicious link right in front of a potential victim.
Read the full article at Wired